Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Saudi Arabia’s
national oil company, Aramco, said December 9 that a cyberattack against it in
August that damaged some 30,000 computers was aimed at stopping oil and gas
production in Saudi Arabia. The attack on Aramco — which supplies a tenth of
the world’s oil — was one of the most destructive hacker strikes against a
single business. – Reuters

1. December 9, Reuters – (International) Saudi
Aramco says hackers took aim at its production. Saudi Arabia’s national oil
company, Aramco, said December 9 that a cyberattack against it in August that
damaged some 30,000 computers was aimed at stopping oil and gas production in
Saudi Arabia. The attack on Saudi Aramco — which supplies a tenth of the
world’s oil — failed to disrupt production, but was one of the most destructive
hacker strikes against a single business. Hackers from a group called Cutting
Sword of Justice claimed responsibility for the attack, saying that their
motives were political and that the virus gave them access to documents from
Aramco’s computers, which they threatened to release. No documents were
published. Aramco and the Saudi Interior Ministry were investigating the
attack. A ministry spokesman said the attackers were an organized group
operating from countries on four continents. The attack used a computer virus
known as Shamoon, which infected workstations on August 15. The company shut
its main internal network for more than a week. Shamoon spread through Aramco’s
network and wiped computers’ hard drives clean. Aramco said damage was limited
to office computers and did not affect systems software that might harm
technical operations. Source: http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html

• Standard Chartered Plc agreed to pay $327 million of
fines after regulators alleged it violated U.S. sanctions with Iran, Bloomberg
News reported December 10. – Bloomberg News. See item 4 below in the Banking and Finance Sector

• A spokesman for the Frederick County, Maryland
Division of Fire and Rescue Services said December 7 that information was
illegally accessed from a company that provides data services for the ambulance
service. – Associated Press

25. December 7, Associated Press – (Maryland) Information
from ambulance billing stolen. Frederick County, Maryland’s rescue service
said account information from the ambulance billing system was stolen and given
to a theft ring. A spokesman for the Frederick County Division of Fire and
Rescue Services said December 7 that the company which provides data services
for the ambulance service learned in October that information had been
illegally accessed. The company, Advanced Data Processing Inc., said some
individual account information had been disclosed to a theft ring suspected of
filing fraudulent federal tax returns. The theft included ambulance data from
Frederick County and First Response Medical Transportation Corp. Advanced Data
Processing said it notified people that were affected. Source: http://www.sfgate.com/news/crime/article/Information-from-ambulance-billing-stolen-4100280.php

• Security researchers from Carnegie Mellon
University, in collaboration with experts from Coherent Navigation, identified
new attack vectors against the Global Positioning System (GPS), Softpedia
reported December 10. – Softpedia. See item 30 below in the Communications Sector

Details

Banking and Finance Sector

4. December
10, Bloomberg News – (International) Standard Chartered to pay $327 million in
U.S.-Iran transfers case. Standard Chartered Plc agreed to pay $327 million
of fines after regulators alleged it violated U.S. sanctions with Iran,
Bloomberg News reported December 10. The bank will pay $100 million to the
Federal Reserve and $227 million to the U.S. Department of Justice and the
District Attorney for New York County. The settlement includes a $132 million
fine to the Treasury Department’s Office of Foreign Assets Control, according
to a statement from the Federal Reserve. “The orders address unsafe and unsound
practices related to inadequate and incomplete responses to examiner inquiries
as well as insufficient oversight of its compliance program for U.S. economic
sanctions, Bank Secrecy Act, and anti-money-laundering requirements,” the
Federal Reserve said in the statement. As part of that agreement, the U.S.
charged the bank with one count of conspiring to violate the International
Emergency Economic Powers Act. That charge will be dismissed after two years if
Standard Chartered abides by the terms of the agreement, according to court
papers. Source: http://www.businessweek.com/news/2012-12-10/standard-chartered-pays-327-million-in-u-dot-s-dot-iran-transfers-case

5. December
9, KSL-TV 5 Salt Lake City – (Utah) 2 men used truck to assist
in ATM theft, police say. Police are looking for two people they said pried
open the doors at a Murray, Utah gas station and used a pickup truck to steal
an ATM December 9. A Murray Police sergeant said a white truck with a utility
shell backed up to the entrance of a Tesoro gas station. After forcing the door
open, one man entered the store and tied a tow rope to the ATM. The driver of
the truck then dragged the ATM out of the store and partway down the street
before it was loaded into the vehicle. Source: http://www.ksl.com/?sid=23312404&nid=148

6. December
8, Reading Eagle – (Pennsylvania) 4 arrested in bank-cheating check scheme. Police
in Berks County, Pennsylvania, charged a Maryland woman and used a vehicle’s
GPS tracking system to arrest three other suspects in a State-wide
counterfeit-check scheme that stole more than $100,000 from Metro and Vist
Financial banks, the Reading Eagle reported December 8. The scheme, which
operated in the Reading, Harrisburg, York, and Philadelphia areas, originated
in February. It was led by a Maryland man who drove “runners” to various banks
to cash phony checks, police said. Exeter Township police said they arrested
one of those runners December 6 on charges she cashed a bogus check at a Metro
Bank branch. The man suspected of leading the scheme was stopped by police
December 7. Exeter police had learned the man was driving a leased car and were
able to track his location by using GPS information provided by the leasing
company. Two other suspected runners were also arrested. Source: http://readingeagle.com/article.aspx?id=433933

7. December
8, Associated Press – (California) ‘Tiger Bandit’ bank robber arrested in Calif. Authorities
said a suspected robber dubbed the “Tiger Bandit” implicated himself in five
southern California bank heists, the Associated Press reported December 8. Los
Angeles County Sheriff’s officials said the suspect was arrested December 4
when deputies served a search warrant at a relative’s house in Compton. The
suspect got his nickname because he was caught in surveillance photos wearing a
Detroit Tigers baseball cap. Investigators recovered clothing believed to have
been worn during the robberies and some cash. Detectives also seized a car
which matched surveillance video images of the getaway car used during a Santa
Monica robbery. The suspect is also linked to bank robberies in Huntington
Beach, Marina del Rey, Long Beach, and Lomita since November 23. Source: http://www.sfgate.com/news/crime/article/Tiger-Bandit-bank-robber-arrested-in-Calif-4083442.php

8. December
7, American Banker – (International) Skimming, trapping threatened ATMs in 2012:
Survey. Fraud and physical attacks against ATMs rose globally in 2012,
according to a survey of 225 respondents worldwide released December 6 by the
ATM Industry Association. According to the survey, the swiping of details
embedded in the magnetic stripes of debit and credit cards inserted into ATMs
remains the top threat to ATM security, followed by the deployment of devices
that trap cash or cards and prevent them from being dispensed to customers. The
use of gas and explosives to destroy ATMs increased in the past six months as
well, according to the survey. Forty-five percent of those surveyed said
criminal attacks on ATMs in their country or region rose since the second
quarter, while 53 percent said fraud and attacks on ATMs have added costs to
their businesses. Roughly 54 percent of respondents said they invested more in
security technology compared with six months ago, while 42 percent report no
change in their investment. Source: http://www.americanbanker.com/issues/177_235/skimming-trapping-threatened-atms-in-2012-survey-1055023-1.html

9. December
7, U.S. Securities and Exchange Commission – (Florida) SEC
charges prominent entrepreneur in Miami-based scheme. The U.S. Securities
and Exchange Commission (SEC) December 7 charged a prominent Miami-based
entrepreneur with defrauding investors by grossly exaggerating the financial
success of his company that purportedly produced housing materials to withstand
fires and hurricanes. The man stole at least $8.1 million, nearly half of the
money raised from investors, to pay for various luxury expenses. The SEC
alleges that the man raised at least $16.8 million from investors by portraying
InnoVida Holdings LLC as having millions of dollars more in cash and equity
than it actually did. To add an air of legitimacy to his company, he assembled
a high-profile board of directors that included a former governor of Florida, a
lobbyist, and a major real estate developer. He falsely told a potential
investor he had invested tens of millions of dollars of his own money as
InnoVida’s largest stakeholder, and he hyped a Middle Eastern sovereign wealth
fund investment as a ruse to solicit additional funds from investors. The SEC
also charged InnoVida’s chief financial officer, a certified public accountant
living in Pembroke Pines, who helped the man create the false financial picture
of InnoVida. Source: http://www.sec.gov/news/press/2012/2012-258.htm

For more stories, see item 25 above in Top Stories and items 27 and
29 below in the Information Technology Sector

Information Technology Sector

26. December
10, Softpedia – (International) Exforel backdoor implemented at NDIS level to
be more stealthy. Security researchers from Microsoft’s Malware Protection
Center have identified a variant of the Exforel backdoor malware,
VirTool:WinNT/Exforel.A, that is somewhat different from other malicious
elements of this kind. The backdoor is implemented at the Network Driver Interface
Specification (NDIS) level. Since Exforel.A implements a private TCP/IP stack
and hooks NDIS_OPEN_BLOCK for the TCP/IP protocol, the backdoor TCP traffic is
diverted to the private TCP/IP stack and then delivered to the backdoor. This
makes this variant of the malware more low-level and stealthy because there is
no connecting or listening port. Furthermore, the backdoor traffic is invisible
to user-mode applications. According to experts, this particular version of
Exforel – which can download, upload, and execute files, and route TCP/IP
packets – is used in a targeted attack against a particular organization.
Source: http://news.softpedia.com/news/Exforel-Backdoor-Implemented-at-NDIS-Level-to-Be-More-Stealthy-Experts-Say-313567.shtml

27. December
10, Help Net Security – (International) Beware of Bitcoin
miner posing as Trend Micro AV. Trend Micro researchers recently uncovered
a piece of malware that tried to pass itself off as “Trend Micro AntiVirus Plus
AntiSpyware”. The software in question is a trojan that creates the process
svchost.exe and downloads additional malicious components such as a Bitcoin
miner application created by Ufasoft. This particular application will,
unbeknownst to the victim, use the infected system’s resources to create
Bitcoins for the people behind this scheme. “This attack is timely because of
the news that Bitcoin Central has been approved by the law to function as a
bank where exchange from Euro and Bitcoins are now possible,” the researchers
noted. Source: http://www.net-security.org/malware_news.php?id=2349&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

28. December
9, Associated Press – (International) Ex-Idaho woman hiding after $163m federal
judgment. A former Idaho woman believed to be hiding out in the Caribbean
owes the U.S. government $163 million, part of a federal civil judgment earlier
this year stemming from an Internet scam, the Associated Press reported
December 9. According to the Federal Trade Commission (FTC), she participated
in an Internet scheme in which people were frightened into buying
virus-protection software they did not need. Others involved in the business,
called Innovative Marketing, paid some $16 million in settlements. But the
woman from Idaho remains at large, possibly on the Caribbean island of Nevis.
Her former boyfriend is also an international fugitive targeted by the FBI’s
cybercrimes unit. Innovative Marketing pushed advertisements that claimed users
had hundreds of viruses or illegal files that needed cleansing and offered
software for $39.95 or more. But installing the product did not help; it gave
the user more scareware ads, according to the FTC. Source: http://www.foxreno.com/news/ap/crime/ex-idaho-woman-hiding-after-163m-federal-judgment/nTQ95/

29. December
8, PC World – (Texas) Anonymous affiliate indicted for threats, stolen
credit cards. A federal grand jury in Dallas indicted a putative spokesman
for the hacker collective known as Anonymous in connection with a massive data
breach of Stratfor Global Intelligence. The man is in federal prison based on
another indictment returned against him October 3. In that case he was charged
with making a threat on the Internet, conspiring to make public restricted personal
information of a federal employee, and retaliation against a federal law
enforcement officer. One of the crimes he is accused of in the indictment is
transferring a hyperlink from an Internet Relay Chat (IRC) channel apparently
occupied by Anonymous to a channel controlled by himself. The hyperlink
provided access to data stolen from Stratfor, which included more than 5000
credit card account numbers, information about their owners, and their Card
Verification Values (CVV). By transferring and posting the hyperlink to the
Internet, the man caused the data to be made available to persons online
without the knowledge and authorization of Stratfor or the cardholders. He is
also charged with possession of at least 15 credit card numbers and their CVV
codes without the knowledge of the cardholders with intent to defraud them. In
addition, the indictment accuses him of aggravated identity theft by knowingly
transferring and possessing without lawful authority the means of
identification of the credit card holders. Source: http://www.pcworld.com/article/2019242/anonymous-affiliate-indicted-for-threats-stolen-credit-cards.html

For more stories, see item 30 below in the Communications Sector

Communications Sector

30. December
10, Softpedia – (National) GPS software attacks more dangerous than jamming
and spoofing, experts say. Security researchers from Carnegie Mellon
University, in collaboration with experts from Coherent Navigation, identified
new attack vectors against the Global Positioning System (GPS), Softpedia
reported December 10. According to the researchers, a malicious 45-second GPS
broadcast is capable of taking down more than 30 percent of the Continually
Operating Reference Station (CORS) network, which is used for safety and
life-critical applications. Furthermore, it could also disrupt 20 percent of
the Networked Transport of RTCM via Internet Protocol (NTRIP) systems. A total
of three new attack methods have been identified: GPS data level attacks, GPS
receiver software attacks, and GPS dependent system attacks. GPS data level
attacks are somewhat similar to spoofing, but they can cause more damage. For
instance, such an attack can remotely crash a high-end receiver. The second
type of attacks leverages the fact that GPS receivers run some kind of computer
software that can be remotely compromised. Since GPS receivers are most often
seen as devices instead of computers, the security holes leveraged by attackers
can remain unpatched for extended periods of time. In order to mitigate such
threats, experts recommend stronger verification of GPS receiver software and
the deployment of regular software updates for IP-enabled devices. Another
mitigation strategy refers to the use of Electronic GPS Attack Detection System
(EGADS) that alerts users when an attack is underway, and an Electronic GPS
Whitening System (EGWS) that re-broadcasts a whitened signal to otherwise
vulnerable receivers. One noteworthy thing about these types of attacks is that
they do not require sophisticated or expensive equipment. The hardware utilized
by the researchers costs only about $2,500. Source: http://news.softpedia.com/news/GPS-Software-Attacks-More-Dangerous-Than-Jamming-and-Spoofing-Experts-Say-313388.shtml

31. December
10, Lower Providence Patch – (Pennsylvania) Police: Over $22,000
worth of copper cables stolen in Audubon. Lower Providence, Pennsylvania
police reported that five copper power cables, worth over $22,000, were stolen
from the Sprint/Nextel parking lot in Audubon. The incident was reported
December 4 by a Sprint/Nextel switch technician. The technician told police
that the cables were stolen from portable generators left on the property.
According to police, at the time of the report two Olympian generators and
three Generac generators were returned to the business and placed in its
parking lot, with the power cables attached and in working order. The
approximate value of each cable is $4,500. Source: http://lowerprovidence.patch.com/articles/police-over-22-000-worth-of-copper-cables-stolen-in-audubon

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"